On Sat, Sep 18, 2004 at 02:18:55AM -0700, Don Lewis wrote:
> On 18 Sep, Pawel Jakub Dawidek wrote:
> > On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
> > > % +#ifdef INVARIANTS
> > > % +	KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
> > > % +#endif
> >
> > Maybe:
> > 	KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
> > 	    ("invalid number of syscall args"));
> >
> > So if we decide to increase/decrease it someday, we don't have to remember
> > about this KASSERT().
>
> What keeps the attacker from installing two syscalls, the first of which
> pokes NOPs over the KASSERT code, and the second of which accepts too
> many arguments?
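Review bot: the `#ifdef INVARIANTS` guard around the KASSERT in the quoted hunk is redundant, since KASSERT() already expands to nothing when INVARIANTS is not defined; drop the guard and keep only the KASSERT line. The literal upper bound of 8 also duplicates the size of the argument array it protects, so either derive it from that array (`sizeof(args) / sizeof(args[0])`, as proposed in the quoted reply) or perform the check once in syscall_register(), where a bad sy_narg can be rejected before the entry ever reaches the dispatch path.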
First of all, this is not protection from an attacker, but help for bad
programmers.

> If you think we really need this bit of extra security, why not just
> prevent the syscall with too many arguments from being registered by
> syscall_register()?  At least that keeps the check out of the most
> frequently executed path.

Good point, this is a much better place for it.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
[EMAIL PROTECTED]                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
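As an added example (not code from this thread or from FreeBSD), a toy syscall table in C that puts the argument-count check where the reply suggests, in syscall_register(), with the bound derived from the argument array rather than a literal 8. The struct, table and function names are simplified stand-ins for the kernel's; the dispatcher only trusts sy_narg because registration already bounded it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NITEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Fixed argument buffer used by the dispatcher; its size is the single
 * source of truth for how many arguments a syscall may declare. */
struct syscall_args {
	uint64_t a[8];
};
#define SYSCALL_MAXARGS NITEMS(((struct syscall_args *)NULL)->a)

typedef int (*sy_call_t)(const uint64_t *args, int narg);

struct sysent {
	int       sy_narg;	/* argument count declared at registration */
	sy_call_t sy_call;	/* handler; NULL marks a free slot */
};

static struct sysent sysent_table[16];	/* toy table, constructed for the example */

/*
 * Validate once, at registration time. Rejecting a bad narg here keeps the
 * check out of the per-call path and means sy_narg can be trusted later.
 */
int
syscall_register(int num, int narg, sy_call_t fn)
{
	if (fn == NULL || num < 0 || (size_t)num >= NITEMS(sysent_table))
		return (EINVAL);
	if (narg < 0 || (size_t)narg > SYSCALL_MAXARGS)
		return (EINVAL);	/* bound comes from the array, not a literal 8 */
	if (sysent_table[num].sy_call != NULL)
		return (EEXIST);
	sysent_table[num].sy_narg = narg;
	sysent_table[num].sy_call = fn;
	return (0);
}

/*
 * Dispatch: copy sy_narg words into the fixed buffer and call the handler.
 * The copy length is safe only because syscall_register() bounded sy_narg.
 */
int
syscall_dispatch(int num, const uint64_t *uargs)
{
	struct syscall_args args;
	const struct sysent *se;

	if (num < 0 || (size_t)num >= NITEMS(sysent_table))
		return (ENOSYS);
	se = &sysent_table[num];
	if (se->sy_call == NULL)
		return (ENOSYS);
	memset(&args, 0, sizeof(args));
	memcpy(args.a, uargs, (size_t)se->sy_narg * sizeof(args.a[0]));
	return (se->sy_call(args.a, se->sy_narg));
}

/* Sample handler (constructed): returns the sum of its arguments. */
int
toy_sum(const uint64_t *args, int narg)
{
	uint64_t sum = 0;

	for (int i = 0; i < narg; i++)
		sum += args[i];
	return ((int)sum);
}

/* Convenience wrapper: dispatch syscall `num` with the arguments 1..8. */
int
dispatch_one_to_eight(int num)
{
	uint64_t u[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

	return (syscall_dispatch(num, u));
}

int
main(void)
{
	printf("register narg=8: %d\n", syscall_register(1, 8, toy_sum));	/* 0 */
	printf("register narg=9: %d\n", syscall_register(2, 9, toy_sum));	/* EINVAL */
	printf("dispatch slot 1: %d\n", dispatch_one_to_eight(1));		/* 36 */
	return (0);
}
```

Because the rejected entry never lands in the table, the dispatcher's memcpy length is bounded by construction and needs no repeated check on the hot path; the INVARIANTS-only KASSERT discussed in the thread is a debugging aid, whereas this check is unconditional.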